CVE-2024-5463

EPSS 1.64%
Published 04.06.2024 10:15:12
Last modified 04.08.2025 19:09:23
Source security@synology.com
Teams watchlist Login
Open Login

A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Synology ≫ Bc500 Firmware Version < 1.1.1-0383

Synology ≫ Bc500 Version-

Synology ≫ Tc500 Firmware Version < 1.1.1-0383

Synology ≫ Tc500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.64%	0.812

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
security@synology.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.synology.com/en-global/security/advisory/Synology_SA_24_07

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5463

EUVD